Harbor 部署HTTP
安装docker-compose
[root@k8s-master habor]# mv docker-compose-Linux-x86_64 /usr/bin/docker-compose
[root@k8s-master bin]# chmod +x /usr/bin/docker-compose
安装并配置habor
[root@k8s-master habor]# tar xzvf harbor-offline-installer-v2.0.0.tgz
[root@k8s-master habor]# cd harbor/
[root@k8s-master harbor]# cp harbor.yml.tmpl harbor.yml
-------------------------------------------------------------------------------------
#修改配置文件
[root@k8s-master harbor]# vi harbor.yml
hostname: 192.168.153.27
harbor_admin_password: Harbor12345
--屏蔽https的配置
---------------------------------------------------------------------------------------
[root@k8s-master harbor]# ./prepare
[root@k8s-master harbor]# ./install.sh
-------------------------------------------------------------------------------------
[root@k8s-master harbor]# docker-compose ps
[root@k8s-master harbor]# docker-compose down
[root@k8s-master harbor]# docker-compose up -d
访问网站
http://192.168.153.27/
Docker登录
http登录,添加可信任
[root@es3 harbor]# vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
"insecure-registries":["192.168.153.27"]
}
重启相关服务
[root@es3 harbor]# systemctl daemon-reload
[root@es3 harbor]# systemctl restart docker
-------------------------------------------------------------------------------
[root@k8s-master harbor]# docker-compose down
[root@k8s-master harbor]# docker-compose up -d
#如果有harbor,重启docker,就要重启docker-compose
登录验证
[root@es3 harbor]# docker login 192.168.153.27
Login Succeeded
镜像上传与下载
[root@es3 harbor]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
hello v1 3ce8dd487dba 16 hours ago 147MB
......
#打标签
[root@es3 harbor]# docker tag hello:v1 192.168.153.27/library/hello:v1
[root@es3 harbor]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.153.27/library/hello v1 3ce8dd487dba 16 hours ago 147MB
hello v1 3ce8dd487dba 16 hours ago 147MB
......
#上传
[root@es3 harbor]# docker push 192.168.153.27/library/hello:v1
#下载
[root@es3 harbor]# docker pull 192.168.153.27/library/hello:v1
Harbor 部署HTTPS
生成证书
[root@es3 ssl]# chmod +x *
[root@es3 ssl]# ls
certs.sh cfssl.sh
Harbor启用HTTPS
hostname: reg.pcitc.com
https:
port: 443
certificate: /root/ssl/reg.pcitc.com.pem
private_key: /root/ssl/reg.pcitc.com-key.pem
重新配置并部署Harbor
[root@k8s-master harbor]# ./prepare
[root@k8s-master harbor]# docker-compose down
[root@k8s-master harbor]# docker-compose up -d
访问网站
https://reg.pcitc.com/
Docker登录
配置客户端hosts(每个节点都要配置)
[root@es3 harbor]# vi /etc/hosts
192.168.153.27 reg.pcitc.com
配置可信任(每个节点都要配置)
[root@es3 ssl]# vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
"insecure-registries":["reg.pcitc.com"]
}
重启生效
[root@es3 harbor]# systemctl daemon-reload
[root@es3 harbor]# systemctl restart docker
-------------------------------------------------------------------------------
[root@k8s-master harbor]# docker-compose down
[root@k8s-master harbor]# docker-compose up -d
#如果有harbor,重启docker,就要重启docker-compose
登录验证
[root@es3 ssl]# docker login reg.pcitc.com
Login Succeeded
镜像上传与下载
[root@es3 ssl]# docker tag tomcat:v1 reg.pcitc.com/library/tomcat:v1
[root@es3 ssl]# docker push reg.pcitc.com/library/tomcat:v1
#其他节点
[root@prometheus ~]# docker pull reg.pcitc.com/library/tomcat:v1
Harbor 主从复制
主备
• 简单,主挂了切到备Harbor
• 同一时间只有一台提供服务
• 适合少量镜像下载
双主复制
• 双向配置复制
• 两台同时提供服务
• 前面增加负载均衡器
一主多从
• 多个从同步主
• 适合多地区业务、大量镜像下载需求
配置可信任(主节点配置)
[root@es3 ~]# vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
"insecure-registries":["reg.pcitc.com","192.168.153.20","192.168.153.25"]
}
[root@es3 ~]# systemctl daemon-reload
[root@es3 ~]# systemctl restart docker
[root@k8s-~ harbor]# docker-compose down
[root@k8s-~ harbor]# docker-compose up -d
主节点登录从节点
[root@es3 harbor]# docker login 192.168.153.20
Login Succeeded
[root@es3 harbor]# docker login 192.168.153.25
Login Succeeded
仓库管理(主机)
[图片上传中...(1638782524681.png-af5ed0-1638791875762-0)]
复制管理(主机)
推送镜像验证
[root@es3 harbor]# docker tag centos:7 reg.pcitc.com/library/centos:7
[root@es3 harbor]# docker push reg.pcitc.com/library/centos:7
Harbor 运维维护
容器 | 功能 |
---|---|
harbor-core | 配置管理中心 |
harbor-db | PG数据库 |
harbor-jobservice | 负责镜像复制 |
harbor-log | 记录操作日志 |
harbor-portal | Web管理页面和API |
nginx | 前端代理,负责前端页面和镜像上传/下载转发 |
redis | 会话 |
registryctl | 镜像存储 |
容器数据持久化目录:/data
日志文件目录:/var/log/harbor
数据库做好定期备份